Tunneling Application On %I
After=syslog.target network.target
[Service]
;Type=notify for 2.4 but this didn't work
ExecStart=/usr/sbin/openvpn --cd /etc/openvpn/ --config client.conf --remote %I
[Install]
WantedBy=multi-user.targ
All,
what are recommended MTU / fragment / mssfix settings for UDP road warriors?
What settings are best for clients connecting to port 443 (TCP)?
- Chris
which is allowed to be filtered (for now:
"ifconfig" and "route", more maybe later) is detected
- 3rd option defines the filter for that option name (prefix-style
filter for now, maybe some regex-style filter sometime later)
I think this would be a very clean solution becau
" is a partial match.
As you wrote having things like 'Note the space at the end of "route "
to not reject "route-gateway"' is error prone. Users might complain
about hard-to-explain config errors. Or even worse, one filt
On Mon, May 16, 2016 at 1:51 PM, Gert Doering wrote:
> I'm not promising anything - this is a fairly special-case request, and
> we already have sooo many special-case options that tend to get broken
> if we change other bits of the code - it should be able to implement
> these (route, ifconfig, i
On Fri, May 13, 2016 at 7:44 PM, Gert Doering wrote:
> On Fri, May 13, 2016 at 05:51:20PM +0200, Chris Laif wrote:
>> I wonder if there is an easy way to protect the client from executing
>> ifconfig/route-statements sent by an (untrusted) server. I think of
>> som
those networks would be ignored.
I know the 'ifconfig-noexec' and 'route-nopull' options which likely
could be combined with some bash scripts parsing the push-options ...
but that's not an ea
rous things on the server side, and then fixing a
user error, I’m operational. Hopefully, all else will be clear to me from here
on out. :-)
- Chris
hing I’m missing to
define the “certificate purpose” of my certificate?
- Chris
> On Apr 17, 2015, at 09:22, debbie...@gmail.com wrote:
> Hi Chris
>
> sorry to butt in .. I just want to clear this up:
Oh, no problem. Happy to get any sort of feedback….
>> Using “1.0" parses, but doesn’t fix the problem. Same results. Trying
>> 1.1 or
t _want_ to have two openssl libraries on the system, but it is
something I can do if needed. Anything else I can try to manually specify a
TLS cipher on the server side, first?
- Chris
> On Apr 16, 2015, at 10:04, Chris Ross wrote:
>> On Apr 16, 2015, at 09:51, Chris Ross wrote:
>>> On Apr 16, 2015, at 03:01, Jan Just Keijser wrote:
>>> One thing you could try is to run the underlying openssl command on both
>>> client and server:
> On Apr 16, 2015, at 09:51, Chris Ross wrote:
>> On Apr 16, 2015, at 03:01, Jan Just Keijser wrote:
>> if no list of TLS ciphers is specified then the client will attempt the full
>> list of ciphers that you see with "--with-tls" ; with OpenSSL it is actual
t [length 0002], fatal handshake_failure
02 28
ERROR
3148076708:error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:no shared
cipher:/data/NetBSD/src/crypto/dist/openssl/ssl/s3_srvr.c:1076:
shutting down SSL
CONNECTION CLOSED
So, no list of shared ciphers. Is something wrong with my server on the
at information logged?
Any other thoughts as to what is going on to cause the "no shared cipher"
error I'm seeing?
Thanks. I'll pick this up again in the morning, let me know any more
information I can gather to
our certificate by posting/looking at
> openssl x509 -text -noout -in cert/distal-ca.crt
> openssl x509 -text -noout -in cert/distalvpn.crt
Pretty sure they’re just standard RSA. Generated with openssl req and
openssl ca, IIRC. Appended…
Are these using SHA1, and I need SHA2?
The server's list is shorter, but notably long (50+). How can I
tell if the client is requesting/using something specific?
- Chris
Available TLS Ciphers,
listed in order of preference:
TLS-ECDHE-RSA-WITH-AES-256-GCM-SHA384
TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384
TLS-
colon comments removed, my main
server-side network obscured, this is the server-side config. Thanks for your
help…
- Chris
;local a.b.c.d
port 1194
proto tcp
;proto udp
;dev tap
dev tun
ca cert/distal-ca.crt
cert cert/distalvpn.crt
k
to
understand and draw a solution for myself from.
Thanks much…
- Chris
will route to this client, so effectively,
> it's forcing the address)
that's what I was looking for. Thank you!
- Chris
Dear All,
is it possible to assign a client a mandatory IP address that can't be
changed?
Thank you in advance.
- Chris
I realize this question has been asked on this mailing list countless
times, I think the difference here is I just want to gain a better
understanding as to what's happening 'under the hood' as I track this
problem to its source.
From the logs, I get lots of:
Authenticate/Decrypt packet error:
talk, please let me know here, or (preferably) through meetup.com.
Thanks,
Chris Westin